Adobe Experience Manager XSS Vulnerability

MEDIUM (5.4) No Patch (4 days)

Threat Intelligence

Low Risk
EPSS Score: 0.03% chance of exploitation (percentile: 8%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

Adobe Experience Manager (AEM) is a content management system that organizations use to author and publish digital content. This vulnerability lets an attacker inject malicious JavaScript into vulnerable form fields; the injected script then executes in a victim's browser when they load the affected page, which is a Cross-Site Scripting (XSS) attack.

Am I affected?

Affected versions: 6.5.23

Affected Products

Adobe / Adobe Experience Manager

How to fix

To fix this vulnerability, upgrade to Adobe Experience Manager version 6.5.24 or later. If you cannot upgrade immediately, apply the following interim mitigations to reduce exposure in the meantime:

  1. Restrict network access to your AEM instance (firewall it from the public internet).
  2. Audit admin account activity for suspicious access patterns.
  3. Monitor for unauthorized token creation.

For more information on upgrading and patching, see the Adobe Experience Manager security bulletin APSB25-115: https://helpx.adobe.com/security/products/experience-manager/apsb25-115.html
